SunRay ConnectorforWindowsOperatingSystems 2 ...Using UNIX Commands This document does not contain information on basic UNIX® commands and procedures, such as shutting down the system,

Sun Microsystems, Inc.www.sun.com

Submit comments about this document to [email protected]

Sun Ray™ Connector for Windows Operating Systems2.1 Installation and Administration Guide

Part No. 820-3776-10October 2008, Revision A

Copyright 2005 —2008,Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. Inparticular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed athttp://www.sun.com/patents, and one or more additional patents or pending patent applications in the U.S. and in other countries.

This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, anddecompilation. No part of the product or of this document may be reproduced in any form by any means without prior written authorization ofSun and its licensors, if any.

Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark inthe U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, Sun Ray, Sun Ray Connector for Windows OS, Sun WebServer, Sun Enterprise, Ultra, UltraSPARC, SunJava Desktop System, SunFastEthernet, Sun Quad FastEthernet, Java, JDK, HotJava, Solaris, and the Appliance Link Protocol (ALP) aretrademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are usedunder license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearingSPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

Netscape is a trademark or registered trademark of Netscape Communications Corporation.

The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledgesthe pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sunholds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPENLOOK GUIs and otherwise comply with Sun’s written license agreements.

Federal Acquisitions: Commercial Software—Government Users Subject to Standard License Terms and Conditions.

Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in the Sun Microsystems, Inc. license agreements and asprovided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (Oct. 1998), FAR 12.212(a) (1995), FAR 52.227-19, orFAR 52.227-14 (ALT III), as applicable.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Copyright 2005—2008, Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.

Sun Microsystems, Inc. a les droits de propriété intellectuels relatants à la technologie incorporée dans le produit qui est décrit dans cedocument. En particulier, et sans la limitation, ces droits de propriété intellectuels peuvent inclure un ou plus des brevets américains énumérésà http://www.sun.com/patents et un ou les brevets plus supplémentaires ou les applications de brevet en attente dans les Etats-Unis et dansles autres pays.

Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribution, et ladécompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, parquelque moyen que ce soit, sansl’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y ena.

Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié par desfournisseurs de Sun.

Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l’Université de Californie. UNIX est une marquedéposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd.

Sun, Sun Microsystems, le logo Sun, Sun Ray, Sun Ray Connector for Windows OS, Sun WebServer, Sun Enterprise, Ultra, UltraSPARC, SunJava Desktop System, SunFastEthernet, Sun Quad FastEthernet, Java, JDK, HotJava, Solaris et Appliance Link Protocol (APL) sont des marquesde fabrique ou des marques déposées, ou marques de service, de Sun Microsystems, Inc. aux Etats-Unis et dans d’autres pays.

Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc.aux Etats-Unis et dans d’autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par SunMicrosystems, Inc.

Netscape est une marque de Netscape Communications Corporation aux Etats-Unis et dans d’autres pays.

L’interface d’utilisation graphique OPEN LOOK et Sun™ a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sunreconnaît les efforts de pionniers de Xerox pour la recherche et le développment du concept des interfaces d’utilisation visuelle ou graphiquepour l’industrie de l’informatique. Sun détient une license non exclusive do Xerox sur l’interface d’utilisation graphique Xerox, cette licencecouvrant également les licenciées de Sun qui mettent en place l’interface d ’utilisation graphique OPEN LOOK et qui en outre se conformentaux licences écrites de Sun.

LA DOCUMENTATION EST FOURNIE “EN L’ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSESOU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENTTOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU AL’ABSENCE DE CONTREFAÇON.

Contents

Preface xi

1. Introduction 1

Architectural Overview 1

Features 3

Compression 3

Encryption 3

Smart Cards 4

Session Directory 5

Local Drive Mapping 5

Audio Support 5

Multimedia Support 6

YUV Video 6

H.264 Video 6

VC-1 Video 7

Session Reconnection 9

Serial Port Mapping 9

Printing 9

Clipboard 9

Licensing 10

iii

Limitations 10

Copy-and-Paste, Cut-and-Paste 10

USB Disk 10

2. Installation 11

Basic Installation (Solaris) 12

Basic Installation (Linux) 14

Uninstallation 15

Upgrade Procedure 16

Multimedia Redirection 17

Installation and Registration 17

Additional Requirements for H.264 (MPEG-4) 17

Xinerama Limitation 18

3. Using the Sun Ray Connector for Windows OS 19

Command Line Options 19

Graphical User Interface (GUI) 21

4. Administration 23

Compression and Encryption 23

JDS Integration Package 23

Licensing 24

Licensing Modes and Hotdesking 25

Per-user Mode 25

Per-device Mode 25

Load Balancing 26

Proxy Daemon 26

Printing 27

Printer Configuration Caching 27

Setting Up Print Queues 27

iv Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

Solaris Printing 28

Linux Printing 28

Making Sun Ray Printers Available to Windows 30

Session Directory 31

Smart Cards 31

A. Configuring Solaris Trusted Extensions for Windows Access 33

B. Kiosk Session 35

Session Descriptor 35

Session Script 36

Session Script Arguments 36

Non-Sun Ray Windows Connector Arguments 36

Sun Ray Windows Connector Arguments 37

Installation and Configuration 37

Supplemental Information 39

Follow-Me Printing 39

Windows Session Locking 40

C. Troubleshooting 41

Printer Caching 41

Printer Not Visible in Windows 41

Windows Printing 41

Solaris or Linux Printing 42

Sun Ray DTU Local Printing 42

Multimedia Redirection Icon 42

Multimedia Debugging 43

uttsc Error Messages 44

Glossary 47

Contents v

Index 53

vi Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

Figures

FIGURE 1-1 Sun Ray–Windows Connectivity 2

FIGURE 1-2 Sun Ray 1 Multimedia Redirection 7

FIGURE 1-3 Sun Ray 2 Multimedia Redirection 8

FIGURE 1-4 Media Player Error 9

FIGURE 3-1 A Windows Session Running in a Solaris Window 20

FIGURE B-1 Selecting a Kiosk Session 38

FIGURE C-1 Multimedia Redirection Icon 42

vii

viii Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

Tables

TABLE 1-1 Supported VC-1 Video Levels 7

TABLE 2-1 Supported Operating System Versions for the Sun Ray Windows Connector 11

TABLE B-1 Kiosk Session Descriptors 35

TABLE C-1 Multimedia Error Messages 43

TABLE C-2 uttsc Error Messages 44

ix

x Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

Preface

This volume provides instructions for installing, using, and administering the SunRay™ Connector for Windows OS, a Sun-supported terminal services client basedon the Microsoft Remote Desktop Protocol (RDP).

AudienceThis manual is intended for system and network administrators who are alreadyfamiliar with Windows operating systems and the Sun Ray™ computing paradigm.In particular, this document should provide Windows administrators with what theyneed to install, set up, and administer the Sun Ray Connector. For information onadministering Sun Ray servers, please see the Sun Ray Server Software 4.1Administrator’s Guide for the Solaris Operating System or the Sun Ray Server Software 4.1Administrator’s Guide for the Linux Operating System.

For information on administering Windows terminal services, seewww.microsoft.com.

ScopeThis manual is written from the point of view of the Sun Ray Connector softwarerunning on the Solaris™ and Linux operating systems. Although the Sun RayConnector is a Windows terminal services client, this manual does not give anyinstructions for administering Windows Terminal Servers or other Microsoftproducts.

xi

Before You Read This BookThis guide assumes that you have access to a Sun Ray Desktop Unit (DTU) attachedto a Sun Ray Server running version 4.1 of the Sun Ray Server Software and have anetwork connection to at least one Microsoft Windows Terminal Server.

Using UNIX CommandsThis document does not contain information on basic UNIX® commands andprocedures, such as shutting down the system, booting the system, or configuringdevices. This document does, however, contain information about specific Sun Raysystem commands as they pertain to management of the Sun Ray Connector.

Typographic Conventions

Typeface Meaning Examples

AaBbCc123 The names of commands, files,and directories; on-screencomputer output

Edit your.login file.Use ls -a to list all files.% You have mail.

AaBbCc123 What you type, when contrastedwith on-screen computer output

% su

Password:

AaBbCc123 Book titles, new words or terms,words to be emphasized

Read Chapter 6 in the User’s Guide.These are called class options.You must be superuser to do this.

Command-line variable; replacewith a real name or value

To delete a file, type rm filename.

xii Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

Shell Prompts

Related Documentation

Shell Prompt

C shell machine_name%

C shell superuser machine_name#

Bourne shell and Korn shell $

Bourne shell and Korn shell superuser #

Application Title Part Number

Administration Sun Ray Server Software 4.1 Administrator’s Guidefor the Solaris Operating System

820-3768

Administration Sun Ray Server Software 4.1 Administrator’s Guidefor the Linux Operating System

820-3769

Installation Sun Ray Server Software 4.1 Installation and Configuration Guidefor the Solaris Operating System

820-3770

Installation Sun Ray Server Software 4.1 Installation and Configuration Guidefor the Linux Operating System

820-3771

Release Notes Sun Ray Server Software 4.1 Release Notesfor the Solaris Operating System

820-3774

Release Notes Sun Ray Server Software 4.1 Release Notesfor the Linux Operating System

820-3775

Release Notes Sun Ray Connector for Windows OS, Version 2.1 Release Notes 820-3777

Preface xiii

Third-Party Web SitesSun is not responsible for the availability of third-party web sites mentioned in thisdocument. Sun does not endorse and is not responsible or liable for any content,advertising, products, or other materials that are available on or through such sitesor resources. Sun will not be responsible or liable for any actual or alleged damageor loss caused by or in connection with the use of or reliance on any such content,goods, or services that are available on or through such sites or resources.

Accessing Sun DocumentationYou can view, print, or purchase a broad selection of Sun documentation, includinglocalized versions, at:

http://docs.sun.com

Sun Welcomes Your CommentsSun is interested in improving its documentation and welcomes your comments andsuggestions. Please email your comments to Sun at:

[email protected]

xiv Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

CHAPTER 1

Introduction

The Sun Ray™ Connector for Windows OS is a Sun-supported terminal servicesclient, based on the Microsoft Remote Desktop Protocol (RDP), that enables Sun Rayusers to access applications running on remote Microsoft Windows Terminal Servers(WTS). It is especially useful to those who are accustomed to Windows-basedapplications or who wish to access documents in certain formats from a Sun Raythin client. It gives users access to a Windows desktop, either occupying the entireSun Ray screen or running in a window in a Solaris™ or Linux environment.

The Sun Ray Connector for Windows OS is often referred to as the Sun RayWindows Connector.

Architectural OverviewFrom a user point of view, the Sun Ray Windows Connector mediates between theSun Ray desktop and the Windows Terminal Server. Residing on the Sun Ray server,it uses the Remote Desktop Protocol (RDP) to communicate with the WindowsTerminal Server and the Appliance Link Protocol™ (ALP) to communicate with theSun Ray desktop, as suggested in FIGURE 1-1. Once installed, the Sun Ray WindowsConnector requires only that a user type a simple command to connect to aWindows Terminal Server where the usual applications reside. The command can bemodified to accommodate a variety of preferences, or options, for instance to specifyscreen size or a list of available printers.

1

FIGURE 1-1 Sun Ray–Windows Connectivity

Sun RayConnector forWindows OS

RDP

ALP

Sun RayServer

Software

Solaris or LinuxOperating

System

Sun Ray DTUs (any model)

Load Balancer(Optional)

WindowsTerminal Server 1

Session DirectoryServer (Optional)



WindowsServerFarm

SunRayServer

2 Sun Ray Connector for Windows Operating Systems 2.1 Installation and Administration Guide • October 2008

FeaturesThe Sun Ray Windows Connector supports:

■ compression

■ encryption

■ smart cards

■ session directory

■ local drives

■ audio devices

■ video playback

■ serial devices

■ printer redirection

■ clipboard

These features are described in the following sections.

CompressionThe Sun Ray Windows Connector uses Microsoft Point-to-Point Compression(MPPC) to compress data between the Sun Ray Server, which runs the Sun RayWindows Connector, and the Windows Terminal Server.

EncryptionThe Sun Ray Windows Connector uses RSA Security’s RC4 cipher, which encryptsdata of varying size with a 56-bit or a 128-bit key, to secure all data being transferredto and from the Windows server.

Four levels of encryption can be configured at the Windows Terminal Server:

■ Low

All data from client to server is encrypted based on maximum key strengthsupported by the client.

■ Client-compatible

All data between client and server in both directions is encrypted based on themaximum key strength supported by the client.

Chapter 1 Introduction 3

■ High

All data between the client and server in both directions is encrypted based onthe server’s maximum key strength. Clients that do not support this strength ofencryption cannot connect.

■ FIPS-Compliant

FIPS-compliant encryption is not supported1.

Note – Data encryption is bidirectional except at the Low setting, which encryptsdata only from the client to the server.

Smart CardsThe Sun Ray Windows Connector uses the PC/SC framework to allow applicationson the Windows Terminal Server to access smart cards inserted in the Sun Ray DTU.Typically, this feature is used to provide two-factor authentication with digitalcertificates or to permit the use of electronic signatures or other information storedon a smart card.

Note – Smart cards and the PC/SC framework are supported on the SolarisOperating System but not on Linux.

For details on the PC/SC framework, see the PC/SC-lite Release Notes, available fromthe Sun Download Center (SDLC).

For more information on smart cards, see “Smart Cards” on page 31 and the Sun RayServer Software 4.1 Administrator’s Guide.

For information on smart card usage on Microsoft platforms, see Microsoft’s SmartCard documentation, for instance at:

http://technet.microsoft.com/en-us/library/cc780151.aspxhttp

1. FIPS is an acronym for the Federal Information Processing Standards defined by the National Institute ofStandards and Technology.


http://technet.microsoft.com/en-us/library/cc780151.aspxhttp

Session DirectoryThe Sun Ray Windows Connector supports server session reconnection based onload balancing information and Session Directory, a database that keeps track ofwhich users are running which sessions on which Windows Terminal Servers.Session Directory functionality enables Sun Ray Windows Connector users toreconnect automatically to the right Windows session.

Both IP address-based and token-based reconnection are supported; however, token-based redirection requires the use of a hardware-based load balancer for WindowsTerminal Servers configured as a server farm. The capacity to utilize server farmsand load balancing allows Windows Terminal Servers to accommodate a largernumber of Sun Ray users and DTUs.

Note – To participate in a Session Directory-enabled server farm, Windows TerminalServers must run Windows Server 2003 R2 Enterprise Edition or Windows Server2003 R2 Data Center edition. Session Directory is an optional component that can beconfigured to use Microsoft proprietary or third-party load balancing products.

For details of setup, configuration, and operation, see Microsoft’s Session Directorydocumentation, for instance at:

http://www.microsoft.com/windowsserver2003/techinfo/overview/sessiondirectory.mspx

Local Drive MappingFile systems from removable media devices, such as flash drives or ZIP drives,connected to Sun Ray USB ports can be mapped to the Windows environment,where they appear as locally mounted drives. Any file can be mounted and mappedfrom the Sun Ray environment to the Windows environment.

Caution – Windows filenames cannot contain the following characters: ⁄:*?"<>|.Make sure that redirected UNIX folders do not contain any files that use thesecharacters in their names.

Audio SupportUsers can play sound files on their Sun Ray desktops (downstream audio) withaudio applications located on the Windows Terminal Server; however, recordingfrom the Sun Ray DTU to the Windows Terminal Server (upstream audio) is notsupported by the RDP Protocol and has therefore not been implemented.


http://www.microsoft.com/windowsserver2003/techinfo/overview/sessiondirectory.mspx

Multimedia SupportThe Sun Ray Windows Connector’s multimedia component redirects video streamsto provide better performance for various models of Sun Ray DTU. It uses anaccelerated YUV path for Sun Ray 1 series DTUs (see FIGURE 1-2) and an acceleratedH.264/VC-1 path for the Sun Ray 2 series (see FIGURE 1-3), where H.264 and VC-1codecs are supported in the hardware. A standard RDP path is used for other mediaformats. The multimedia redirection component supports Windows Media Player 10and 11.

YUV VideoAn accelerated path for YUV video delivery enables improved playback of videoformats such as MPEG-1 and MPEG-2 by reducing the bandwidth required todeliver the decoded video to the Sun Ray DTU. The accelerated YUV path is usedautomatically so long as the correct software decoders are available for the videoformat required and the software is configured to make use of the XVideo extension.The following YUV formats are supported:

■ Planar: YV12, I420

■ Packed: UYVY, YUY2

H.264 or VC-1 video playback on a Sun Ray 1 DTU, which does not have a hardwaredecoding capability, uses software decoding and the accelerated YUV path (seeFIGURE 1-2).

H.264 VideoBaseline, up to level 2.0, is the best profile supported by the current Sun Rayhardware. Certain videos encoded in the Main profile may play; however, the SunRay decoder does not support CABAC encoding or data partitioning, and cannotdecode high-profile streams. Unsupported streams result in a black window or anerror reported to the player.

For best results, video files should be encoded in Baseline profile at up to 352x288pixels (CIF) and 15 frames per second (fps).


FIGURE 1-2 Sun Ray 1 Multimedia Redirection

VC-1 VideoSun Ray 2 family DTUs support all Simple and Main VC-1 profiles, up to thefollowing levels:

TABLE 1-1 Supported VC-1 Video Levels

Profile Video Level

Simple Profile, Low Level = 176x144 pixels (QCIF) at 15 frames per second

Simple Profile, Main Level = 352x288 pixels (CIF) at 15 frames per second

320x240 pixels (QVGA) at 24 frames per second

Main Profile, Low Level = 320x240 pixels (QVGA) at 24 frames per second

352x288 pixels (CIF) at 30 frames per second

VC-1(WMV9)

Other formatsNon-WMVformats:avi, divx,MPEG-2, etc.

H.264(MPEG-4)

StandardRDP path

AcceleratedYUV path

Sun Ray 1series DTU

Windows Media Player Media


VC-1 Simple/Main profiles are compatible with the Windows Media Video 9(WMV9) format and also use the hardware decoding in Sun Ray 2 series DTUs.

Note – .wmv files that are not VC-1 encoded cannot take advantage of acceleratedplayback.

FIGURE 1-3 Sun Ray 2 Multimedia Redirection

Sun Ray 2series DTU

Windows Media Player Media

YES

H.264≤ 352*288at 30 fps

Non-WMVformats:avi, divx,MPEG-2, etc.

Other formats

StandardRDP path

AcceleratedYUV path

AcceleratedH.264/VC-1path

VC-1≤ 352*288at 30 fps

YES

NO

NO

NO


Session ReconnectionIf a Sun Ray Windows Connector session is relaunched or hotdesked while asupported media format clip is playing, an error alert box may displayed (seeFIGURE 1-4), and the user must relaunch the clip from Windows Media Player.

FIGURE 1-4 Media Player Error

Serial Port MappingUsers can access serial devices connected to a Sun Ray DTU from their Windowssessions. Serial devices can be connected either directly to the serial ports on a SunRay DTU or by means of a serial adapter.

PrintingNetwork printing is recommended over locally-attached printing; however, once aconnection is established, a user can print from Windows applications using any ofthe following:

■ a network printer or a locally-attached printer on the Windows Terminal Server

■ a network printer or a locally-attached printer on the Sun Ray server

■ a local printer attached to the Sun Ray DTU

ClipboardThe Sun Ray Windows Connector enables cut-and-paste text functionality betweenWindows applications and applications running on the Sun Ray desktop, whetherLinux or Solaris versions. Copying and pasting is enabled for all supportedlanguages, including double-byte languages, such as Chinese, Japanese, and Korean.The Sun Ray Windows Connector does not support copying and pastingfunctionality for Rich Text format.


LicensingThe Sun Ray Windows Connector supports both per-user and per-device TerminalServer Client Access Licenses (TS-CAL). When per-device licensing is configured forWindows Terminal Server, each Sun Ray DTU is granted a new license from thelicensing server. Implications of these licensing modes are discussed under“Licensing Modes and Hotdesking” on page 25.

Licensing information is stored in the Sun Ray data store and can be retrieved andpresented each time a Windows connection is made.

For information on administering licenses, see the utlicenseadm man page. Seealso the note on Microsoft license requirements under “Installation” on page 11.

LimitationsCertain limitations, listed below, are caused by dependencies on other products.Limitations in the current implementation of the Sun Ray Windows Connector aredocumented in the Sun Ray Connector for Windows OS, Version 2.1 Release Notes.

Copy-and-Paste, Cut-and-PasteThe following behaviors, although similar, are caused by limitations in differentapplications:

■ Once a copy-and-paste operation has been performed from a dtterm window,subsequent copy-and-paste operations from the same window to a Windowsapplication always show the data from the first such operation.

■ Cut-and-paste operations do not work from dtpad to Windows applications.

■ Cut-and-paste menu options do not work correctly in transfers from StarOfficeapplications.

USB DiskRemoving a USB disk from a Sun Ray DTU while it is still being accessed by aWindows application leaves a stale mount point on the Sun Ray server.


CHAPTER 2

Installation

The Sun Ray Connector for Windows Operating Systems Version 2.1 requires SunRay Server Software 4.1 or later on any supported operating system.

The Sun Ray Windows Connector software must always be installed and configuredon the primary data store server, otherwise Terminal Server licenses and printerconfigurations will not be stored. This is the case even if the primary data storeserver is not used to host Sun Ray sessions.

Additional installation requirements include:

■ OpenSSL — generally installed by default on Solaris 10 as well as on Red Hat andSuSE. Please confirm that OpenSSL is installed before proceeding.

■ Windows 2003 Server with Service Pack 2 Rollup 2 orWindows XP Professional with Service Pack 3 (32-bit) orWindows XP Professional with Service Pack 2 (64-bit)Windows Vista

■ All necessary Microsoft licenses for accessing Windows Terminal Services

Note – If you access terminal server functionality provided by Microsoft operatingsystem products, you need to purchase additional licenses to use such products.Consult the license agreements for the Microsoft operating system products you areusing to determine which licenses you must acquire. Currently, informationregarding Terminal Services can be found in the following URL:http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx

TABLE 2-1 Supported Operating System Versions for the Sun Ray Windows Connector

Operating System Version

SuSE Linux Enterprise Server (SLES) 10 with Service Pack 1 or later

Red Hat Enterprise Linux Advanced Server (RHEL AS) 5 Update 1

Solaris (SPARC and x86) Solaris 10 5/08 or higher

Solaris Trusted Extensions (SPARC and x86) Solaris 10 5/08 or higher

11

Basic Installation (Solaris)● Before running the installer, create a dedicated UNIX group for the sole use of

the Sun Ray Windows Connector.

where group-name is the name you assign to this group. The first character of thename must be alphabetic. Do not add users to this group. Once you have createdand named the group, follow the steps below to install the Sun Ray WindowsConnector.

Note – If you have already mounted the Sun Ray Connector for Windows OS CD-ROM, locally or from a remote server, or extracted the ESD files to an imagedirectory, begin at Step 4.

1. Open a shell window as superuser on the Sun Ray server.

To avoid installation script errors that can occur if user environment settings arecarried forward, use one of the following commands for superuser login insteadof using the su command without arguments:

2. Insert the Sun Ray Connector for Windows OS CD-ROM.

If a File Manager window opens, close it. The File Manager CD-ROM window isnot necessary for installation.

3. Change to the image directory, for example:

4. Install the Sun Ray Windows Connector software.

The installer prompts for the name of the group you want to use for the Sun RayWindows Connector.

# groupadd <group-name>

% su -

% su - root

# cd /cdrom/cdrom0

# ./installer

Enter the name of a pre-existing group for use by Sun Ray Connector:


5. Enter the name of the group you created for this purpose at the beginning ofthis procedure, as below, then press Enter or Return to continue.

6. Run the automatic configuration script.

The uttscadm script launches the SRWC proxy daemon uttscpd and adds anentry for uttscpd in the /etc/services file, using port 7014 as the default.uttscpd is described under “Proxy Daemon” on page 26.

7. Restart Sun Ray services if the script asks you to do so.

Note – It is not necessary to restart Sun Ray services if the uttscadm script doesnot ask you to do so.

Enter the name of a pre-existing group for use by Sun Ray Connector:group-name

# /opt/SUNWuttsc/sbin/uttscadm -c

# /opt/SUNWut/sbin/utrestart

Chapter 2 Installation 13

Basic Installation (Linux)

Note – If you have mounted the Sun Ray Windows Connector CD-ROM locally orfrom a remote server or extracted the ESD files to an image directory, begin at Step 4.

1. Open a shell window as superuser on the Sun Ray server.

To avoid installation script errors that can occur if user environment settings arecarried forward, use one of the following commands for superuser login insteadof using the su command without arguments:

2. Insert the Sun Ray Connector for Windows OS CD-ROM.

If a File Manager window opens, close it. The File Manager CD-ROM window isnot necessary for installation.

3. Change to the image directory, for example:


5. Run the automatic configuration script.

The uttscadm script may prompt you for a path to the OpenSSL libraries.

6. Accept the default path, or supply a different path, if applicable.

7. Restart Sun Ray services if the script asks you to do so.

Note – It is not necessary to restart Sun Ray services if the uttscadm script doesnot ask you to do so.

% su -

% su - root

# cd /cdrom/cdrom0

# ./installer


# /opt/SUNWut/sbin/utrestart


Uninstallation1. Before uninstalling the Sun Ray Windows Connector, use the following

command to unconfigure it:

On Solaris, the uttscpd entry is removed from the /etc/services file and theSRWC proxy daemon is stopped.

2. To remove the Sun Ray Windows Connector software, type the followingcommand:

3. Answer Y or N to the Accept (Y/N) prompt.

a. Answer N to leave the existing installation in place.

or

b. Answer Y to uninstall the old version of Sun Ray Windows Connectorsoftware.

# /opt/SUNWuttsc/sbin/uttscadm -u

# /opt/SUNWuttsc/sbin/uninstaller


Upgrade Procedure

Note – To upgrade from an earlier version of the Sun Ray Windows Connector, youmust run the installer and the uttscadm configuration script, as described in thisprocedure.

1. Change to the image directory of the Sun Ray Windows Connector CD-ROM,for example:


The installer script indicates what Sun Ray Windows Connector software isalready installed on your system, for example:

3. Answer Y or N to the Accept (Y/N) prompt.

a. Answer N to leave the existing installation in place.

or

b. Answer Y to uninstall the old version of Sun Ray Windows Connectorsoftware and install the newer version.

The existing Sun Ray data store is not removed or touched by the upgradeprocedure.

4. Run the automatic configuration script again.

# cd /cdrom/cdrom0

# ./installer

Sun Ray Connector 2.0 is currently installed.Do you want to uninstall itand install Sun Ray Connector 2.1?Accept (Y/N):



Multimedia RedirectionThe multimedia component redirects video streams to provide better performancefor various models of Sun Ray DTU. It supports Windows Media Player 10 or 11 onWindows 2003 and Windows XP, and includes the following items, all of whichintercept H.264 and VC-1 and uncompressed YUV streams:

The multimedia component is delivered in the Supplemental section of the SRWCimage, under Supplemental/SunMMR.

Installation and RegistrationTo install and register the multimedia component:

1. Run setup.exe on the destination Windows server.

2. Select the Everyone option during installation.

Additional Requirements for H.264 (MPEG-4)The multimedia component does not include audio/video demux and decoders forH.264 (MPEG-4) streams; however, these are available as freeware as well as fromthird parties. To ensure that MPEG-4 video streams are accelerated properly, youneed to download some third-party or freeware solutions. One way to do so wouldbe to download the following freeware:

■ MatroskaSplitter:http://haali.cs.msu.ru/mkv/

and

■ ffDShow:http://sourceforge.net/project/showfiles.php?group_id=173941

Name Description

Sun Video Renderer Microsoft DirectShow filter

Sun Audio Renderer Microsoft DirectShow filter

Sun DMO DirectX Media Object (DMO) component


http://sourceforge.net/project/showfiles.php?group_id=173941

http://haali.cs.msu.ru/mkv/

As an alternative to Matroska Splitter and ffDShow, you can use a third-party codec,such as this one from MainConcept:

■ MainConcept codec:http://www.mainconcept.com(Select Codec SDK)

For the MainConcept codec, only the following are required:

■ MPEG splitter

■ MPEG decoder

■ MP4 splitter

■ MP4 decoder

■ H.264 decoder.

Note – Many other solutions are possible but cannot all be listed here.

Xinerama LimitationH264 and VC-1 support on the DTU is not available for Xinerama sessions. InXinerama sessions, video windows may be dragged from one DTU to another ormay span multiple DTUs, but audio/video synchronization of H264 and VC-1support is limited to the primary DTU, and the videos cannot be synchronizedbetween DTUs. H264 and VC-1 videos may still be rendered by the application inthe same manner they would be rendered on Sun Ray 1 DTUs.

For more information on Xinerama, see the Sun Ray Server Software 4.1Administrator’s Guide.


http://www.mainconcept.com

CHAPTER 3

Using the Sun Ray Connector forWindows OS

Once the Sun Ray Windows Connector software has been installed, type thefollowing command to connect to the desired Windows Terminal Server:

If the Windows Terminal Server is in the same domain as the Sun Ray desktop, it isnot necessary to specify the domain name; however, you may specify the full IPaddress instead of hostname.domain if you prefer.

Command Line OptionsThe uttsc command specifying no options but the name or address of a WindowsTerminal Server displays a Windows session on the Sun Ray DTU (See FIGURE 3-1).The default screen size is 640 x 480 pixels.

To display a session in full-screen mode or to modify it in other ways, see thecommand line options listed in the uttsc man page.

To allow your users to access the man command directly, add the following entry toyour users’ man path:

They can then display the man page by typing:

% /opt/SUNWuttsc/bin/uttsc <options> <hostname.domain>

/opt/SUNWuttsc/man

% man uttsc

19

FIGURE 3-1 A Windows Session Running in a Solaris Window

Depending on what options are specified, you can allow a Windows session tooccupy the whole screen or to run within a Linux or a Solaris window, as in thisexample. See the uttsc man page for a listing of all options.


Graphical User Interface (GUI)No graphical user interface is available for the Sun Ray Windows Connector at thistime; however, launchers can be set up to provide users with desktop icons or menuitems to connect to the Windows session.

For details on how to set up launchers, please consult the desktop documentationfor your operating system.

Chapter 3 Using the Sun Ray Connector for Windows OS 21


CHAPTER 4

Administration

The Sun Ray Windows Connector requires very little administration; however,administrators should be aware of the following issues, suggestions, andconfiguration instructions.

Compression and EncryptionCompression is enabled by default. It can be disabled on a per-connection basis witha CLI option. For example, to disable compression:

For encryption, the administrator needs to decide which of the available levels touse, after which the Windows Terminal Server can be configured accordingly.(See “Encryption” on page 3.)

JDS Integration PackageThe Sun Java™ Desktop System (JDS) integration package for the Solaris OperatingSystem delivers a CLI called uttscwrap, which improves integration of the Sun RayWindows Connector with the JDS desktop on Solaris 10. The JDS integrationpackage is included in the Supplemental folder of the Sun Ray Windows Connectorsoftware image.

% /opt/SUNWuttsc/bin/uttsc -z <hostname.domain>

23

uttscwrap provides a login dialog that allows input of credentials for password-based authentication (username/domain/password). The credentials can be savedthrough the dialog for subsequent invocations. At the next launch, the dialog is pre-filled with the credentials.

Note – uttscwrap is designed for credential caching for password-basedauthentication only. It cannot be used with smart card authentication.For smart card authentication, please use the Sun Ray Windows Connector directly(/opt/SUNWuttsc/bin/uttsc).

Credentials are saved separately for each Windows server/application combination.This allows you to save different credentials the following ways:

■ For different applications on the same server

■ For different applications on different servers

■ For different server sessions with no applications launched

Any new credentials saved for a server/application replace previously savedcredentials.

Use uttscwrap when desktop or menu launchers are defined to launch eitherWindows Terminal Services sessions or Windows applications on various Windowsservers.

To launch the Sun Ray Windows Connector through uttscwrap, specify the sameparameters on the uttscwrap command line as you would use on the uttsccommand line.

LicensingLicenses can be administered with the utlicenseadm CLI. Administrativefunctions for licenses include listing and deleting. See the utlicenseadm man pagefor details.

Microsoft Terminal Services licensing information is stored in the Sun Ray data storeautomatically upon Windows session startup, using the existing LDAP schema. Noadministrator setup or intervention is required.


Licensing Modes and HotdeskingTerminal Server Client Access Licenses can be configured in two modes on theWindows Terminal Server: per-user and per-device. In per-user mode, the user’shotdesking experience is virtually seamless. In per-device mode, however, to ensurecorrect TS-CAL license handling, users must re-authenticate every time they hotdeskto a different DTU.

The differences in the user’s hotdesking experience are summarized below.

Per-user ModeThe user logs into a Sun Ray session with a smart card and opens a connection to aWindows session.

1. The user removes the smart card and reinserts it in the same DTU.

2. The user removes the smart card and inserts it in a different DTU.

In both cases, the user is instantly reconnected to the existing Windows session, andother features and services are unaffected.

Per-device ModeThe user logs into a Sun Ray session with a smart card and opens a connection to aWindows session.

1. The user removes the smart card and reinserts it in the same DTU.

The user is instantly reconnected to the existing Windows session.

2. The user removes the smart card and inserts it in a different DTU.

The Windows login screen prompts the user for username and password, afterwhich the user is reconnected to the existing Windows session. Other features andservices are similarly affected. For example:

■ Windows Media Player stops playing audio/video file, although theapplication is still active on the Windows session.The user needs to replay theaudio/video file.

■ Any serial port transfer is stopped.

However, all the command line options specified remain valid.

Chapter 4 Administration 25

Note – The uttsc command provides a CLI option (-O) that can be used to preventthe Sun Ray Windows Connector from disconnecting upon detection of hotdeskingevents.

Caution – With the -O option, the Sun Ray Windows Connector does notdisconnect/re-connect when a hotdesk event occurs, nor does it refresh licenses ondifferent DTUs, instead using the original license granted upon connection to thefirst DTU. This may cause you inadvertently to violate your Microsoft TerminalServer license agreement. Since you have full responsibility for license compliance,be aware of the danger and use the -O option only with caution.

Load BalancingTerminal services session load balancing is handled transparently by the WindowsTerminal Server. For more detailed information, please refer to Microsoftdocumentation at:

http://www.microsoft.com/windowsserver2003/technologies/clustering/default.mspx

Proxy DaemonOn Solaris only, the Sun Ray Windows Connector uses a daemon process nameduttscpd to act as a proxy for interactions with the Sun Ray data store. It uses port7014 by default. A corresponding command, uttscrestart, allows theadministrator to restart uttscpd.

At install time, the installer asks for a valid, existing UNIX group under which toinstall the proxy daemon and the Connector binaries. This group is used to establisha secure connection between the Connector and the proxy. The proxy validates andallows connections from a binary only if it belongs to this group.Do not use thisgroup for any users or other components.

Note – Restarting the uttscpd daemon does not affect existing Sun Ray WindowsConnector sessions.


PrintingThe Sun Ray Windows Connector supports printing to:

■ network printers visible on the Windows server

■ network printers visible on the Sun Ray server

■ local printers attached to the Windows server

■ local printers attached to the Sun Ray server

■ local printers attached to the DTU

Note – Network printers are not affected by hotdesking. Printers connected to DTUsare available for printing from any DTU connected to the same Sun Ray server.

Printer Configuration CachingThe Sun Ray server maintains a cache, in the Sun Ray data store, of printerconfigurations that users set up on the Windows Terminal Server. The Sun Rayserver presents the appropriate configuration to the Windows Terminal Server whena user reconnects using the Sun Ray Windows Connector.

The uttscprinteradm CLI helps administrators to maintain this information. Itcan be used to list the available information and to perform cleanup in case of useror printer deletion. See the uttscprinteradm man page for further information.

Setting Up Print QueuesPrinter setup in Windows environments is beyond the scope of this document;however, printer setup requirements for Solaris and Linux are described below.

The Windows Terminal Server session is aware only of the print queues specified inthe command line when the Sun Ray Windows Connector is started. To change printqueues, restart the Sun Ray Windows Connector with the relevant print queuesspecified on the command line.

Note – These instructions pertain to raw print queues.1 Please consult youroperating system documentation for instructions on setting up queues for PostScriptdrivers. See also the lp and lpadmin man pages.


Solaris PrintingTo set up a raw print queue on a Sun Ray server running Solaris:

1. Specify the printer and printer device node using the lpadmin command.

2. Enable the print queue.

3. Accept the print queue.

Linux PrintingTo set up a raw print queue on a Sun Ray server running any supported flavor ofLinux:

1. Uncomment the following line from the /etc/cups/mime.convs file:

2. Uncomment the following line from the /etc/cups/mime.types file:

3. Restart the cups daemon.

1. When a Solaris or Linux print queue is configured with a print driver, the lp utility sends print data to thedriver for processing before redirecting it to the printer. When a print queue is configured without a driver, lpsends unprocessed, or raw data to the printer. A print queue configured without a printer driver is called araw queue.

# /usr/sbin/lpadmin -p <printer-name> -v \/tmp/SUNWut/units/IEEE802.<mac-address>/dev/printers/<device node>

# /usr/bin/enable <printer-name>

# /usr/sbin/accept <printer-name>

application/octet-stream application/vnd.cups-raw 0 -

application/octet-stream

# /etc/init.d/cups restart


4. Create a soft link to the Sun Ray printer node in /dev/usb.

For example, if the device node is/tmp/SUNWut/units/IEEE802.<mac-address>/dev/printers/<device node>,then use the following command:

Use this soft link (/dev/usb/sunray-printer) as the Device URI whilecreating the print queue.

Note – It may be necessary to create the /dev/usb directory as well as to re-createthe soft link after rebooting.

5. To complete the procedure, set up a raw print queue.

6. To complete this procedure for SuSE Linux:

a. Update /etc/cups/cupsd.conf to set the RunAsUser property to No.

b. Restart the cups daemon.

# ln -s \/tmp/SUNWut/units/IEEE802.<mac-address>/dev/printers/<device node> \/dev/usb/sunray-printer

# /usr/sbin/lpadmin -p <printer-name> -E -v usb:/dev/usb/sunray-printer

# /etc/init.d/cups restart


Making Sun Ray Printers Available to WindowsTo make Sun Ray-attached printers available to a Windows session, specify thecorresponding raw Sun Ray print queues on the command line. Printer data iscreated on the Windows server, so it is important to specify the name of the printer’sWindows driver and install it on the Windows server. If you make a printer availablewithout specifying a driver, the Sun Ray Windows Connector defaults to aPostScript driver.

Tip – To find the printer driver name, check the Windows Registry keyMyComputer/HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Print/Environments/Windows NT x86/Drivers/Version-3.All printer drivers installed on the system appear on this list.

● To specify a printer’s Windows driver, type:

● To make a printer available without specifying a driver, type:

● To make multiple printers available, type:

% /opt/SUWuttsc/bin/uttsc -r printer:<printername>=<driver name> <hostname.domain>

% /opt/SUWuttsc/bin/uttsc -r printer:<printername> <hostname.domain>

% /opt/SUWuttsc/bin/uttsc -r printer:<printer1>=<driver1>,<printer2>=<driver2> <hostname.domain>


Session DirectoryThe Session Directory feature requires no configuration or administration by the SunRay administrator. The Windows administrator has several configuration options,such as whether to allow users to connect to a Windows Terminal Server directly orthrough a load balancer; however, these options are beyond the scope of thisdocument. Please refer to Microsoft documentation for details.

Smart CardsIn addition to normal Sun Ray smart card functionality, such as hotdesking, the SunRay Windows Connector enables additional smart card functionality, such as:

■ strong, two-factor authentication for access control

■ PIN-based logins

■ digital signing, encrypting, and decrypting of email messages from Windows-based email clients

For this purpose, it uses the Sun Ray PC/SC-lite framework on the Sun Ray serverand smart card middleware on the Windows Terminal Server.

Smart card redirection is disabled by default. It can be enabled on a per-connectionbasis with the following CLI option:

To set up Smart Card login for Windows with the Sun Ray Windows Connector:

1. Set up Active Directory and Certification Authority (CA) on the WindowsServer.

2. Install the PC/SC framework.

See the PC/SC-lite Release Notes for further details. They available for downloadfrom the Sun Download Center (SDLC).

3. Install Smart Card middleware product on the Windows Terminal Server.

Note – If you use ActivClient middleware, set “Disable PIN Obfuscation” to Yesthrough ActivClient user console on the Windows Server.

% /opt/SUNWuttsc/bin/uttsc -r scard:on <hostname.domain>


4. Enroll the necessary Certificate(s) onto the Smart Card, using either a Sun RayToken Reader or an External Smart Card Reader connected to the WindowsServer.


APPENDIX A

Configuring Solaris TrustedExtensions for Windows Access

For the Sun Ray Windows Connector to function properly on a Solaris TrustedExtensions server, the Windows Terminal Server which is to be accessed must bemade available at the desired level.

1. Make a Windows Terminal Server available to the public template.

a. Start the Solaris Management Console (SMC):

b. Make the following selections under Management Tools:

i. Select hostname:Scope=Files, Policy=TSOL.

ii. Select System Configuration->Computers and Networks->Security Templates->public.

c. From the menu bar, select Action->Properties->Hosts Assigned to Template.

d. Select Host.

e. Enter the IP Address of the Windows Terminal Server (e.g., 10.6.100.100).

f. Click Add.

g. Click OK.

2. Configure port 7014 as a shared multi-level port for the uttscpd daemon

a. If it is not already running, start the Solaris Management Console (SMC):

b. Select hostname:Scope=Files, Policy=TSOL.

# smc &

# smc &

33

c. Select System Configuration->Computers and Networks->Trusted Network Zones->global.

d. From the menu bar, select Action->Properties.

e. Enable ports by clicking Add under Multilevel Ports for Shared IPAddresses.

f. Add 7014 as Port Number, Select TCP as Protocol, and click OK.

g. Restart network services by running the following command:

h. Verify that this port is listed as a shared port by running the followingcommand:

3. Create entries for the uttscpd daemon.

The /etc/services file entry for the SRWC proxy daemon is createdautomatically in the global zone at configuration time; however, correspondingentries need to be created in local zones.

a. Create a corresponding entry in each local zone where the Sun Ray WindowsConnector will be launched.

These entries can be created manually or by loopback-mounting the globalzone /etc/services file into the local zones for read access.

b. To create this entry manually, edit the local zone file by inserting thefollowing entry:

4. Reboot the Sun Ray server:

# svcadm restart svc:/network/tnctl

# /usr/sbin/tninfo -m global

uttscpd 7014/tcp # SRWC proxy daemon

# /usr/sbin/reboot


APPENDIX B

Kiosk Session

The Sun Ray Windows Connector’s Kiosk Mode1 Session enables the administratorto set up groups of DTUs to access a restricted set of applications, typically insettings where users are expected to use only one application, or where security is anespecially important consideration. In Kiosk Mode, the Sun Ray DTU behaves like aWindows Based Terminal, and users do not interact with the Solaris or Linux login.

The core components of the Kiosk Mode Session are:

■ a Kiosk Session Service session descriptor(/etc/opt/SUNWkio/sessions/uttsc.conf)

■ a Kiosk Session Service session script(/etc/opt/SUNWkio/sessions/uttsc/uttsc).

Added applications are not supported.

Session DescriptorThe session descriptor defines a number of attributes useful for the administrationand launching of the session. These include the following:

For more details, see “Session Script Arguments” on page 36.

1. An earlier implementation of similar functionality was called Controlled Access Mode (CAM).

TABLE B-1 Kiosk Session Descriptors

Descriptor Description

KIOSK_SESSION_EXEC Identifies the location of the session script.

KIOSK_SESSION_LABELKIOSK_SESSION_DESCRIPTION

Identify a label and description respectively to be usedby the Sun Ray Admin GUI.

KIOSK_SESSION_ARGS Identifies default session script arguments.

35

Session ScriptThe session script is responsible for launching the Sun Ray Windows Connector. Thescript provides a simple wrapper on the Sun Ray Windows Connector executable,/opt/SUNWuttsc/bin/uttsc.

A two-minute timeout is imposed on Windows sessions that remain at the Windowslogin screen. When this timeout elapses, the associated Windows session isterminated, and the Sun Ray Windows Connector terminates subsequently. This canresult in a user experience where, assuming no Windows login takes place, adesktop unit appears to reset every two minutes. To avoid this, the session scriptsupports its own timeout, which affects its behavior when it detects that the Sun RayWindows Connector has terminated. If the timeout interval has not elapsed, thesession script relaunches the Sun Ray Windows Connector. If the timeout haselapsed, the session script terminates, and the Kiosk session also terminate as aresult. The timeout may be specified as a session script argument. It has a defaultvalue of 30 minutes.

Session Script Arguments

A number of arguments are supported by the session script. These may be specifiedusing the Sun Ray Admin GUI. The list of supported arguments may be split intoSun Ray Windows Connector and non-Sun Ray Windows Connector arguments. SunRay Windows Connector arguments are not processed in any way by the sessionscript and are simply passed directly to the Sun Ray Windows Connector. Non-SunRay Windows Connector arguments are processed by the session script itself.

The complete argument list should be formatted according to the following example:

Non-Sun Ray Windows Connector Arguments

Currently, only a single non-Sun Ray argument, -t, is supported. It is defined asfollows:

-t <timeout> sets the value of a timeout interval (in seconds) after which the sessionscript will terminate in the event of a Sun Ray Windows Connector termination. IfSun Ray Windows Connector terminates before the timeout has elapsed it will berestarted by the session script. The default value for <timeout> is 1800 (30 minutes).Values less than or equal to 0 indicate that the session script should never restart theSun Ray Windows Connector.

[<Non Sun Ray Connector arguments>] [ "--" <Sun Ray Connector arguments>]


Sun Ray Windows Connector Arguments

You may specify any valid uttsc arguments here. The -m and -b uttsc argumentsare used by default. These arguments enable full-screen mode and disable the pull-down header respectively.

Note – The Sun Ray Windows Connector requires at least a server argument. Aspreviously mentioned, you may use the Sun Ray Admin GUI to include this serverargument in the session script argument list.

Installation and ConfigurationThe Sun Ray Windows Connector Kiosk Session is installed automatically as part ofSun Ray Windows Connector installation. The package name is SUNWuttsc-kio.With the Sun Ray Windows Connector Kiosk Session is installed, the user no longerneeds to specify the uttsc command.

To configure a Kiosk implementation for the Sun Ray Windows Connector, followthe instructions in “Kiosk Mode” in the Sun Ray Server Software 4.1 AdministrationGuide. Select Predefined Descriptor, choosing Sun Ray Connector for Windows OSfrom the drop-down menu on the Kiosk Mode page, which is located under theAdvanced tab in the Sun Ray Administration tool.

The user then must add session arguments to the Arguments field at the bottom ofthe same page (see “Session Script Arguments” on page 36). The minimal requiredargument is the host name, so the field content should have at least:<myhost.mydomain>.com

A timeout option (-t <timeout>) can be added before the --, and further uttscoptions can be added after the --. For instance, the example line below specifies:

■ a 10-minute timeout (specified in seconds) until the session is cycled if the userdoes not log in

■ printer forwarding

■ smart card redirection

■ optimized SRWC hotdesking behavior

-t 600 -- -r printer:officelaser -r scard:on -O myhost.mydomain.com

Appendix B Kiosk Session 37

FIGURE B-1 Selecting a Kiosk Session

Note – When the SRWC session is selected, there is nothing to edit on the mainKiosk page. The Applications list is not available because the Sun Ray WindowsConnector session does not support the arbitrary addition of applications.


Supplemental InformationTwo features linked to Sun Ray Windows Connector are commonly implemented atcustomer sites: Follow-Me-Printing and Windows Session Locking. Implementationsof these features rely on technology not available by default and non-public Sun Rayinterfaces as well as the use of certain public Sun Ray interfaces for purposes otherthan their intended use. For these reasons, these features are not provided assupported elements of this session; however, descriptions of how these features arecommonly implemented are provided in the following sections.

Follow-Me Printing

This feature allows the default printer for a Windows session to appear to follow auser from one Sun Ray DTU to another. Use the following steps to set it up:

1. For each DTU of interest, specify a printer in the Sun Ray Data Store.

Find to the relevant DTU in the Sun Ray Admin GUI and set its OtherInformation field to the name of the relevant printer.

2. Provide a shell script that queries the printer name stored in the Sun Ray DataStore for the current Sun Ray DTU and writes that name to the user’s$HOME/.printers file.

For example:

3. Use utaction to invoke the script above on an initial connection andsubsequently whenever a user moves from one Sun Ray DTU to another.

Provide an Xsession.d script if you are using dtlogin as your loginmanager or an xinitrc.d script if you are using Gnome Display Manager(GDM) as your login manager. For example, you might create the script/usr/dt/config/Xsession.d/1100.SUNWut for dtlogin or/etc/X11/xinit/xinitrc.d/1100.SUNWut for GDM as follows:

#!/bin/shif [ ‘uname‘ = Linux ] ; then theFlag="-P"fitheMACAddress=‘cd $theFlag $UTDEVROOT ; /bin/pwd | sed’s/.*‹............›/\1/’‘thePrinter=‘/opt/SUNWut/sbin/utdesktop -o | grep $theMACAddress | /usr/bin/awk -F, ’{print $3}’‘echo "_default $thePrinter" > $HOME/.printers

#!/bin/sh/opt/SUNWut/bin/utaction -i -c <path-to-script> &

Appendix B Kiosk Session 39

where <path-to-script> is the path to the script you created to retrieve the printername.

Note – The name 1100.SUNWut is chosen purposely in this case to ensure that thescript is run or sourced after the existing script 0100.SUNWut. This is required as0100.SUNWut is responsible for setting $UTDEVROOT which is needed by the firstsample script above.

Note – For information on the bundled gdmgreeter, see the kiosk man page.

4. Modify your Kiosk session script arguments to redirect the printer to Windows.

You may modify these arguments using the Sun Ray Admin GUI. In this exampleyou need to add the argument -r printer:_default to the existingarguments, resulting in an argument list similar to the following:

where myHost corresponds to the server argument passed to uttsc.

Windows Session Locking

It may be preferable that a Windows session be locked when a user’s session movesaway from a given Sun Ray DTU. A commonly used approach to implement this isto send the lockscreen keystrokes to the Windows Session using xvkbd (invoked byutaction).

As with the previous example, you may invoke utaction from an Xsession.d orxinitrc.d script as follows:

Since xvkbd is not available by default, you should modify the XVKBD setting aboveso that it correctly identifies the installation location of xvkbd in your case.

Note – The keystroke sequence \Ml activates the Windows lock for Windows2003/XP sessions. You may need to modify it for other Windows versions.

-t 1800 -- -m -b -r printer:_default myHost

#!/bin/shXVKBD=/usr/openwin/bin/xvkdb/opt/SUNWut/bin/utaction -d "$XVKBD -text ’\Ml’" &


APPENDIX C

Troubleshooting

Printer CachingIf a user changes the driver for a printer, the settings are not restored.

To restore the settings, use the same printer driver that was used when the settingswere changed.

Caution – Use of a different driver, even if no settings are changed, can invalidatesettings stored for that printer with any previous driver.

Printer Not Visible in WindowsIf a Sun Ray printer specified on the Solaris or Linux command line is not availableon Windows (not visible in the Printers and Faxes View), the user should confirmthat the printer driver name is correct and installed on the Windows server.See “Making Sun Ray Printers Available to Windows” on page 30.

Windows PrintingIf a Windows job does not print, whether on a local or a network printer, the usershould contact the Windows system administrator.

41

Solaris or Linux PrintingIf a job fails and cannot be diagnosed and fixed with the ordinary UNIX remedies(lpq, lprm, etc.), the user should contact the appropriate system administrator.

Sun Ray DTU Local PrintingUsers can continue to send jobs from Solaris or Linux applications to printers locallyattached to their Sun Ray DTU. To enable access to printers attached to the Sun RayDTU for Windows jobs, the user must specify the printer with the uttsc CLI.See “Printing” on page 27 and the uttsc man page.

Multimedia Redirection IconA small, context-sensitive Play button is displayed as an icon in the task bar whenthe multimedia redirection component is being used for video playback. When themouse is placed over the icon, the media type and size are displayed.

FIGURE C-1 Multimedia Redirection Icon


Multimedia DebuggingWhen multimedia enhancements are in use, as when video clips in a supportedformat are played, debugging messages are logged in the following files:

■ /var/dt/Xerrors (on Solaris)

■ /var/log/gdm/$DISPLAY.log (on Linux)

These messages, which are listed in TABLE C-1, are turned off by default. To turnthem on, or to turn them off again, use the following command:

Note – H264 and VC-1 support on the DTU is not available for Xinerama sessions.In Xinerama sessions, video windows may be dragged from one DTU to another ormay span multiple DTUs, but audio/video synchronization of H264 and VC-1support is limited to the primary DTU, and the videos cannot be synchronizedbetween DTUs. H264 and VC-1 videos may still be rendered by the application inthe same manner they would be rendered on Sun Ray 1 DTUs.

# kill -USR2 <Xnewt_process_id>

TABLE C-1 Multimedia Error Messages

Message Comments

Display :3.0 Video port Id 39 YUV: YV12

Display :3.0 Video port Id 39 YUV: I420

Display :3.1 Video port Id 49 YUV: YV12

Start of stream for XVideo. Note that the XVideoprotocol does not require start/stop, so anapplication may send multiple streams withouta new debug message.

Display :3.0 Video port Id 39 YUV: YV12 low bandwidth on

Display :3.0 Video port Id 39 YUV: YV12 low bandwidth ended

An XVideo stream is using the low bandwidthlogic or bandwidth has increased so it isresuming the normal logic.

Display :3.0 Video port Id 39 Compressed: H264

Display :3.0 Video port Id 39 Compressed: VC1

Start of an XvEnc compressed video stream.

Display :3.0 Video port Id 39 YUV: YV12 hotdesked

Display :3.0 Video port Id 39 Compressed: H264 hotdesked

A stream has been connected to a DTU.

Display :3.0 Video port Id 39 Compressed:

H264 hotdesked firmware does not support compressed video

An XvEnc stream has been connected to a DTUthat does not support decoding (non-P8 or P8with old firmware).

Display :3.1 Video port Id 49 YUV: YV12 In a multihead configuration, Display indicateswhich head the video is being played on. Eachhead’s port ID is in a different range

Appendix C Troubleshooting 43

uttsc Error MessagesSun Ray Windows Connector error messages, which are listed in TABLE C-2, areturned off by default. To turn them on, or to turn them off again, use the followingcommand:

where <pid> is the process ID of an Xnewt process for an individual Sun Ray session.To turn the messages off again, send a second signal USR2 to the Xnewt process.

# kill -USR2 <pid>

TABLE C-2 uttsc Error Messages

Message Comments

Error (%d): Unable to establishdata store connection.

The Sun Ray Windows Connector was unable to open aconnection to the Sun Ray Data Store. Ensure that the SRDS hasbeen configured for Sun Ray software and is reachable. Also,ensure that the Sun Ray Windows Connector has beensuccessfully configured before launching it.

Error(%d): Unable to determine SRSSversion.

SRWC could not determine SRSS version information. Ensure thatSRSS 4.1 or above is installed and configured successfully.

Error(%d): Unable to launch Sun RayConnector. Only SRSS 4.1 and aboveare supported.

SRWC 2.1 is supported only on SRSS 4.1 and above. Ensure thatthe correct version of SRSS is installed.

Sun Ray session is not connected,please try again.

Ensure that SRWC is being launched from a valid connected SunRay session.

Cannot obtain DTU MAC address. SRWC was unable to contact the Sun Ray Authentication Managerto retrieve the DTUs MAC address. Ensure that this daemon isreachable.

Error: Sun Ray Token ID cannot bedetermined. Sun Ray Connector canonly be launched from a Sun Raysession.

SRWC was launched from a non-Sun Ray session (e.g., telnet orconsole). It can only be launched from a connected DTU session.

Unable to create new audio device. Usingdefault audio device.

utaudio failed to create a new audio device. Check the messageslogged by utaudio for more information. SRWC will try to use thedefault audio device for the session.

Device <device_name> is not allocated.Audio will not work in this session.Continuing..

On Solaris Trusted Extensions platforms, if the default audiodevice is not allocated, then SRWC will not be able to use any newaudio device or the default audio device. In this case, the SRWCsession will proceed but without audio support.


Warning. Printer preferences will not bestored. Please run uttscadm to completeconfiguration before launching Sun RayConnector.

If uttscadm has not been run before the Sun Ray WindowsConnector is launched, the printer preferences as sent by theWindows Terminal Server will not be stored and hence cannot belater reused. This is not a fatal error; the session will continue tobe launched.

Unable to connect to Sun Ray ConnectorProxy. Please ensure uttscadm has been runbefore launching the Sun Ray Connector.

Make sure the proxy daemon (uttscpd) is up and running. If theSun Ray Windows Connector is launched before uttscadm hasbeen run to configure it, then the Sun Ray Windows ConnectorProxy is not reachable. This message can be seen on Solarissystems only.

Unable to launch Sun Ray Connector.Please ensure utconfig has been run beforelaunching the Sun Ray Connector.

If Sun Ray Windows Connector is launched without havingconfigured Sun Ray Data Store using utconfig (from Sun RayServer Software), then the connector cannot be used.

TABLE C-2 uttsc Error Messages

Message Comments

Appendix C Troubleshooting 45


Glossary

AAAC Advanced Audio Coding, a “lossy” compression format capable of delivering

relatively high quality at relatively low bit rates.

ALP The Sun Appliance Link Protocol, a suite of network protocols that enablecommunication between Sun Ray servers and DTUs.

CCABAC Context-adaptive binary arithmetic coding, a “lossless” entropy coding

technique used in H.264/MPEG-4 AVC video encoding.

CAM An earlier implementation of Sun Ray Server Software controlled access mode.The current implementation is known as kiosk mode.

client Normally, this term refers both to the physical hardware, such as a Sun Raythin client desktop unit, and the process that accesses resources such ascompute power, memory, and applications from a server. The server may belocated remotely or locally. In the present context, the Sun Ray DTU is a clientof the Sun Ray server; the Sun Ray Windows Connector software is a WindowsTerminal Server client.

client-server A common way to describe network services and the user processes of thoseservices. Although this term can apply to a wide range of interactions betweendesktops and larger computing facilities, the thin client model suggests that all,or nearly all, computing be performed on the server.

47

codec A device or program capable of encoding and/or decoding a digital datastream or signal.

Ddata store The Sun Ray Data Store is a repository for information needed to administer

several aspects of the Sun Ray Server Software, such as failover groups, forexample. The Sun Ray Windows Connector utilizes it to store licensinginformation and printer preferences.

downstream audio The capability for using applications located on a server to play audio files ona client. For example, .wmv files can be played on a remote Windows TerminalServer and heard on a Sun Ray DTU.

DTU Sun Ray desktop units (originally known as Desktop Terminal Units).

HH.264 A standard for video compression developed by MPEG and VCEG for a wide

range of bit rates and resolutions. Also known as MPEG-4 AVC (AdvancedVideo Coding) and MPEG-4 Part 10.

hotdesking The ability for a user to remove a smart card, insert it into any other DTUwithin a server group, and have the user’s session “follow” the user, thusallowing the user to have instantaneous access to the user’s windowingenvironment and current applications from multiple DTUs.

Kkiosk mode A facility to run sessions without UNIX login under an anonymous user

account. Kiosk sessions provide a preconfigured, usually restricted, softwareenvironment. The term kiosk mode was used interchangeably with CAM inearlier versions of SRSS. As of SRSS 4.0, however, this module was completelyrewritten and is now officially called kiosk mode. The term CAM is mean torefer to implementations in SRSS 3.1 and earlier.


MMPPC Microsoft Point-to-Point Compression protocol.

PPCM Pulse Code Modulation.

Rraw print queue A print queue enabled without a print driver having been specified. Instead of

processing data before sending it to a printer, the lp utility sends raw,unprocessed data to the printer.

RDP Microsoft Remote Desktop Protocol.

Sserver Generically defined as a network device that manages resources and supplies

services to a client. This manual refers in particular to the Sun Ray server(s),which host Sun Ray sessions as well as DTUs, and to Windows TerminalServers, which act as hosts for Windows applications that can be reached byRDP clients, of which the Sun Ray Windows Connector is an example. The SunRay DTU is a client of the Sun Ray server; the Sun Ray Windows Connector isa Windows Terminal Server client.

server farm A cluster of servers linked with load balancing software.

service For the purposes of the Sun Ray Server Software, any application that candirectly connect to the Sun Ray DTU. It can include audio, video, X servers,access to other machines, and device control of the DTU.

session A group of services associated with a single user.

Glossary 49

Session Directory A database that keeps track of which users are running which sessions onwhich Windows Terminal Servers, which makes it possible for users toreconnect to their previously disconnected Windows sessions.

session mobility The ability for a session to “follow” a user’s login ID or a token embedded ona smart card.

Sun Ray DTU The desktop unit, originally known as the desktop terminal unit, is thephysical appliance used to transmit keystrokes and mouse events to andreceive display information from the Sun Ray server. The Sun Ray DTUhardware has a built-in smart card reader, and most models also contain a flat-panel display.

TTerminal Server

client The client software used to access remote sessions hosted on a WindowsTerminal Server, in this case, the Sun Ray Windows Connector.

thin client Thin clients remotely access some resources of a computer server, such ascompute power and large memory capacity. Sun Ray DTUs rely on the serverfor all computing power and storage. Within the client-server computingmodel, thin clients are distinguished from fat clients by the absence of localoperating systems, applications, disc drives, fans, or other devices that fatclients need in order to operate.

Uupstream audio The capability for recording sound from the client to the server.

URI Uniform Resource Identifier, the generic term for all types of names andaddresses that refer to objects on the World Wide Web.

URL Uniform Resource Locator, the global address of documents and otherresources on the World Wide Web. A URL is a specific type of URI.

VVC-1 Simple, lossless mechanism to store images or a sequence of images.


WWindows terminal Any device used to access Windows applications residing on a Windows

Terminal Server.

Windows TerminalServer A server that hosts Microsoft applications for remote terminals or clients.

WMA Windows Media Audio data compression file format and codec developed byMicrosoft.

YYUV The color encoding system used for analog television.

Glossary 51


Index

AActivClient user console, 31additional licenses, 11Appliance Link Protocol (ALP), 1

CCAM, 35command line options, 19compression, 23Controlled Access Mode, 35copy-and-paste, 10cups daemon, 28, 29cut-and-paste, 9, 10

Eencryption, 23Error Messages, 44External Smart Card Reader, 32

FffDShow, 17, 18FIPS, 4Follow-Me-Printing, 39

Ggroupadd, 12

HH264, 43Hotdesking and Licensing Modes, 25

JJava Desktop System (JDS) integration package, 23

KKiosk Mode, 35Kiosk Session Descriptor, 35

LLinux installation, 14Linux Printing, 28Load Balancing, 2

MMatroska Splitter, 18MatroskaSplitter, 17Microsoft Point-to-Point Compression (MPPC), 3

OOpenSSL, 11

PPC/SC framework, 4, 31PIN Obfuscation, 31print queues, 27Printer Caching, 41printer configuration caching, 27proxy daemon, 13, 26

Rraw print queue, 28

53

RC4 cipher, 3Red Hat, 11Remote Desktop Protocol (RDP), 1RSA Security, 3

Sserver farm, 5session descriptor, 35Session Directory, 2, 5, 31smart cards, 31Solaris installation, 12Solaris Printing, 28Solaris Trusted Extensions, 33Sun Ray Token Reader, 32SuSE, 11

TTerminal Server Client Access Licenses (TS-

CAL), 10timeout, 37

Uuninstallation, 15upgrade procedure, 16utlicenseadm, 24uttscpd, 13, 26uttscprinteradm, 27uttscrestart, 26uttscwrap, 24

VVC-1, 43

WWindows Media Player, 17Windows Registry, 30Windows Session Locking, 40Windows Terminal Server, 1

XXinerama, 43


Documents

SunRay ConnectorforWindowsOperatingSystems 2 ...Using UNIX Commands This document does not contain information on basic UNIX® commands and procedures, such as shutting down the system,